Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for spa525g_firmware by cisco

    CVE-2021-1379 (GCVE-0-2021-1379)

    Vulnerability from nvd – Published: 2024-11-18 15:42 – Updated: 2024-11-18 16:23
    VLAI
    Title
    Cisco IP Phones Cisco Discovery Protocol and Link Layer Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities
    Summary
    Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone. These vulnerabilities are due to missing checks when the IP phone processes a Cisco Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco IP Phones with Multiplatform Firmware Affected: 11.1.2
    Affected: 11.2.1
    Affected: 11.2.3
    Affected: 11.2.2
    Affected: 11.2.3 MSR1-1
    Affected: 11.1.2 MSR1-1
    Affected: 11.1.1
    Affected: 11.1.2 MSR3-1
    Affected: 11.0.0
    Affected: 11.1.1 MSR1-1
    Affected: 11.0.1
    Affected: 11.1.1 MSR2-1
    Affected: 11.2.4
    Affected: 11.0.1 MSR1-1
    Affected: 11.0.2
    Affected: 11.3.1
    Affected: 11.3.1 MSR1-3
    Affected: 11.3.2
    Affected: 11.3.1 MSR2-6
    Affected: 11.3.1 MSR3-3
    Create a notification for this product.
    Cisco Cisco Session Initiation Protocol (SIP) Software Affected: 9.0(3)
    Affected: 9.0(2)SR2
    Affected: 9.0(2)SR1
    Affected: 9.2(1)
    Affected: 9.4(2)SR1
    Affected: 9.4(2)
    Affected: 9.4(2)SR2
    Affected: 9.4(2)SR3
    Affected: 9.3(1)SR2
    Affected: 9.3(1)SR3
    Affected: 9.3(1)SR1
    Affected: 9.1(1)SR1
    Affected: 9.3(1)SR4
    Affected: 9.2(3)
    Affected: 9.2(1)SR2
    Affected: 9.3(1)
    Affected: 9.4(2)SR4
    Affected: 12.1(1)SR1
    Affected: 11.5(1)
    Affected: 10.3(2)
    Affected: 10.2(2)
    Affected: 10.3(1)
    Affected: 10.3(1)SR4
    Affected: 11.0(1)
    Affected: 10.4(1)SR2 3rd Party
    Affected: 11.7(1)
    Affected: 12.1(1)
    Affected: 11.0(0.7) MPP
    Affected: 9.3(4) 3rd Party
    Affected: 12.5(1)SR2
    Affected: 10.2(1)SR1
    Affected: 9.3(4)SR3 3rd Party
    Affected: 10.2(1)
    Affected: 12.5(1)
    Affected: 10.3(1)SR2
    Affected: 11-0-1MSR1-1
    Affected: 10.4(1) 3rd Party
    Affected: 12.5(1)SR1
    Affected: 11.5(1)SR1
    Affected: 10.1(1)SR2
    Affected: 12.0(1)SR2
    Affected: 12.6(1)
    Affected: 10.3(1.11) 3rd Party
    Affected: 12.0(1)
    Affected: 12.0(1)SR1
    Affected: 9.3(3)
    Affected: 12.5(1)SR3
    Affected: 10.3(1)SR4b
    Affected: 9.3(4)SR1 3rd Party
    Affected: 10.3(1)SR5
    Affected: 10.1(1.9)
    Affected: 10.3(1.9) 3rd Party
    Affected: 9.3(4)SR2 3rd Party
    Affected: 10.3(1)SR1
    Affected: 10.3(1)SR3
    Affected: 10.1(1)SR1
    Affected: 12.0(1)SR3
    Affected: 12.6(1)SR1
    Affected: 12.7(1)
    Affected: 10.3(1)SR6
    Affected: 12.8(1)
    Affected: 12.7(1)SR1
    Affected: 11.0(2)SR1
    Affected: 11.0(4)
    Affected: 11.0(2)
    Affected: 11.0(4)SR3
    Affected: 11.0(5)
    Affected: 11.0(3)SR2
    Affected: 11.0(3)SR4
    Affected: 11.0(3)SR3
    Affected: 11.0(2)SR2
    Affected: 11.0(4)SR1
    Affected: 11.0(5)SR3
    Affected: 11.0(3)
    Affected: 11.0(5)SR2
    Affected: 11.0(3)SR6
    Affected: 11.0(5)SR1
    Affected: 11.0(4)SR2
    Affected: 11.0(3)SR1
    Affected: 11.0(3)SR5
    Create a notification for this product.
    Cisco Cisco Small Business IP Phones Affected: 7.4.8
    Affected: 7.4.3
    Affected: 7.5.5a
    Affected: 7.3.7
    Affected: 7.5.2
    Affected: 7.5.1
    Affected: 7.4.6
    Affected: 7.5.7
    Affected: 7.4.4
    Affected: 7.6.2SR3
    Affected: 7.6.2
    Affected: 7.5.6
    Affected: 7.5.6c
    Affected: 7.6.0
    Affected: 7.4.7
    Affected: 7.6.2SR6
    Affected: 7.5.2b
    Affected: 7.5.5
    Affected: 7.5.6a
    Affected: 7.6.2SR2
    Affected: 7.5.3
    Affected: 7.5.2a
    Affected: 7.5.6(XU)
    Affected: 7.5.7s
    Affected: 7.6.2SR4
    Affected: 7.6.2SR1
    Affected: 7.4.9
    Affected: 7.5.5b
    Affected: 7.6.2SR5
    Affected: 7.5.4
    Affected: 7.6.1
    Affected: 7.6.2SR7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-1379",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-18T16:22:56.651830Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-18T16:23:13.534Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco IP Phones with Multiplatform Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.1.2"
                },
                {
                  "status": "affected",
                  "version": "11.2.1"
                },
                {
                  "status": "affected",
                  "version": "11.2.3"
                },
                {
                  "status": "affected",
                  "version": "11.2.2"
                },
                {
                  "status": "affected",
                  "version": "11.2.3 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.1.2 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.1.1"
                },
                {
                  "status": "affected",
                  "version": "11.1.2 MSR3-1"
                },
                {
                  "status": "affected",
                  "version": "11.0.0"
                },
                {
                  "status": "affected",
                  "version": "11.1.1 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.0.1"
                },
                {
                  "status": "affected",
                  "version": "11.1.1 MSR2-1"
                },
                {
                  "status": "affected",
                  "version": "11.2.4"
                },
                {
                  "status": "affected",
                  "version": "11.0.1 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.0.2"
                },
                {
                  "status": "affected",
                  "version": "11.3.1"
                },
                {
                  "status": "affected",
                  "version": "11.3.1 MSR1-3"
                },
                {
                  "status": "affected",
                  "version": "11.3.2"
                },
                {
                  "status": "affected",
                  "version": "11.3.1 MSR2-6"
                },
                {
                  "status": "affected",
                  "version": "11.3.1 MSR3-3"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Session Initiation Protocol (SIP) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0(3)"
                },
                {
                  "status": "affected",
                  "version": "9.0(2)SR2"
                },
                {
                  "status": "affected",
                  "version": "9.0(2)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.2(1)"
                },
                {
                  "status": "affected",
                  "version": "9.4(2)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.4(2)"
                },
                {
                  "status": "affected",
                  "version": "9.4(2)SR2"
                },
                {
                  "status": "affected",
                  "version": "9.4(2)SR3"
                },
                {
                  "status": "affected",
                  "version": "9.3(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "9.3(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "9.3(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.3(1)SR4"
                },
                {
                  "status": "affected",
                  "version": "9.2(3)"
                },
                {
                  "status": "affected",
                  "version": "9.2(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "9.3(1)"
                },
                {
                  "status": "affected",
                  "version": "9.4(2)SR4"
                },
                {
                  "status": "affected",
                  "version": "12.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(2)"
                },
                {
                  "status": "affected",
                  "version": "10.2(2)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR4"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.4(1)SR2 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "11.7(1)"
                },
                {
                  "status": "affected",
                  "version": "12.1(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(0.7) MPP"
                },
                {
                  "status": "affected",
                  "version": "9.3(4) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR3 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "11-0-1MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "10.4(1) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1.11) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.3(3)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR4b"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR1 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR5"
                },
                {
                  "status": "affected",
                  "version": "10.1(1.9)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1.9) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR2 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.7(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR6"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)"
                },
                {
                  "status": "affected",
                  "version": "12.7(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR4"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR6"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR5"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Small Business IP Phones",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.4.8"
                },
                {
                  "status": "affected",
                  "version": "7.4.3"
                },
                {
                  "status": "affected",
                  "version": "7.5.5a"
                },
                {
                  "status": "affected",
                  "version": "7.3.7"
                },
                {
                  "status": "affected",
                  "version": "7.5.2"
                },
                {
                  "status": "affected",
                  "version": "7.5.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.6"
                },
                {
                  "status": "affected",
                  "version": "7.5.7"
                },
                {
                  "status": "affected",
                  "version": "7.4.4"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR3"
                },
                {
                  "status": "affected",
                  "version": "7.6.2"
                },
                {
                  "status": "affected",
                  "version": "7.5.6"
                },
                {
                  "status": "affected",
                  "version": "7.5.6c"
                },
                {
                  "status": "affected",
                  "version": "7.6.0"
                },
                {
                  "status": "affected",
                  "version": "7.4.7"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR6"
                },
                {
                  "status": "affected",
                  "version": "7.5.2b"
                },
                {
                  "status": "affected",
                  "version": "7.5.5"
                },
                {
                  "status": "affected",
                  "version": "7.5.6a"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR2"
                },
                {
                  "status": "affected",
                  "version": "7.5.3"
                },
                {
                  "status": "affected",
                  "version": "7.5.2a"
                },
                {
                  "status": "affected",
                  "version": "7.5.6(XU)"
                },
                {
                  "status": "affected",
                  "version": "7.5.7s"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR4"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR1"
                },
                {
                  "status": "affected",
                  "version": "7.4.9"
                },
                {
                  "status": "affected",
                  "version": "7.5.5b"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR5"
                },
                {
                  "status": "affected",
                  "version": "7.5.4"
                },
                {
                  "status": "affected",
                  "version": "7.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the Cisco\u0026nbsp;Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco\u0026nbsp;IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone.\r\nThese vulnerabilities are due to missing checks when the IP phone processes a Cisco\u0026nbsp;Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco\u0026nbsp;Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco\u0026nbsp;Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco\u0026nbsp;has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/RL:X/RC:X/E:X",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-18T15:42:00.388Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ipphone-rce-dos-U2PsSkz3",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3"
            },
            {
              "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ipphone-rce-dos-U2PsSkz3",
            "defects": [
              "CSCvu59351"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco IP Phones Cisco Discovery Protocol and Link Layer Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2021-1379",
        "datePublished": "2024-11-18T15:42:00.388Z",
        "dateReserved": "2020-11-13T00:00:00.000Z",
        "dateUpdated": "2024-11-18T16:23:13.534Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20218 (GCVE-0-2023-20218)

    Vulnerability from nvd – Published: 2023-08-03 21:20 – Updated: 2024-10-17 14:59
    VLAI
    Summary
    A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to to modify a web page in the context of a user's browser. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious websites, or the attacker could use this vulnerability to conduct further client-side attacks. Cisco will not release software updates that address this vulnerability. {{value}} ["%7b%7bvalue%7d%7d"])}]]
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business IP Phones Affected: 7.6.0
    Affected: 7.6.2
    Affected: 7.6.2SR3
    Affected: 7.6.2SR6
    Affected: 7.6.2SR2
    Affected: 7.6.2SR4
    Affected: 7.6.2SR1
    Affected: 7.6.2SR5
    Affected: 7.6.2SR7
    Affected: 7.6.1
    Affected: 7.3.7
    Affected: 7.5.5
    Affected: 7.5.6(XU)
    Affected: 7.5.2
    Affected: 7.5.2a
    Affected: 7.5.7
    Affected: 7.5.3
    Affected: 7.5.6
    Affected: 7.5.2b
    Affected: 7.5.6c
    Affected: 7.5.6a
    Affected: 7.5.7s
    Affected: 7.5.1
    Affected: 7.5.5a
    Affected: 7.5.5b
    Affected: 7.5.4
    Affected: 7.4.7
    Affected: 7.4.4
    Affected: 7.4.8
    Affected: 7.4.3
    Affected: 7.4.9
    Affected: 7.4.6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.868Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-spa-web-multi-7kvPmu2F",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-web-multi-7kvPmu2F"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20218",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T14:58:32.797326Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T14:59:14.948Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business IP Phones",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.0"
                },
                {
                  "status": "affected",
                  "version": "7.6.2"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR3"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR6"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR2"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR4"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR1"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR5"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR7"
                },
                {
                  "status": "affected",
                  "version": "7.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.7"
                },
                {
                  "status": "affected",
                  "version": "7.5.5"
                },
                {
                  "status": "affected",
                  "version": "7.5.6(XU)"
                },
                {
                  "status": "affected",
                  "version": "7.5.2"
                },
                {
                  "status": "affected",
                  "version": "7.5.2a"
                },
                {
                  "status": "affected",
                  "version": "7.5.7"
                },
                {
                  "status": "affected",
                  "version": "7.5.3"
                },
                {
                  "status": "affected",
                  "version": "7.5.6"
                },
                {
                  "status": "affected",
                  "version": "7.5.2b"
                },
                {
                  "status": "affected",
                  "version": "7.5.6c"
                },
                {
                  "status": "affected",
                  "version": "7.5.6a"
                },
                {
                  "status": "affected",
                  "version": "7.5.7s"
                },
                {
                  "status": "affected",
                  "version": "7.5.1"
                },
                {
                  "status": "affected",
                  "version": "7.5.5a"
                },
                {
                  "status": "affected",
                  "version": "7.5.5b"
                },
                {
                  "status": "affected",
                  "version": "7.5.4"
                },
                {
                  "status": "affected",
                  "version": "7.4.7"
                },
                {
                  "status": "affected",
                  "version": "7.4.4"
                },
                {
                  "status": "affected",
                  "version": "7.4.8"
                },
                {
                  "status": "affected",
                  "version": "7.4.3"
                },
                {
                  "status": "affected",
                  "version": "7.4.9"
                },
                {
                  "status": "affected",
                  "version": "7.4.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to to modify a web page in the context of a user\u0027s browser.\r\n\r This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious websites, or the attacker could use this vulnerability to conduct further client-side attacks.\r\n\r Cisco will not release software updates that address this vulnerability.  \r\n\r  {{value}} [\"%7b%7bvalue%7d%7d\"])}]]"
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:58:22.717Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-spa-web-multi-7kvPmu2F",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-web-multi-7kvPmu2F"
            }
          ],
          "source": {
            "advisory": "cisco-sa-spa-web-multi-7kvPmu2F",
            "defects": [
              "CSCwf82071"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20218",
        "datePublished": "2023-08-03T21:20:29.588Z",
        "dateReserved": "2022-10-27T18:47:50.368Z",
        "dateUpdated": "2024-10-17T14:59:14.948Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20181 (GCVE-0-2023-20181)

    Vulnerability from nvd – Published: 2023-08-03 21:22 – Updated: 2024-08-02 09:05
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
    CWE
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business IP Phones Affected: 7.6.0
    Affected: 7.6.2
    Affected: 7.6.2SR3
    Affected: 7.6.2SR6
    Affected: 7.6.2SR2
    Affected: 7.6.2SR4
    Affected: 7.6.2SR1
    Affected: 7.6.2SR5
    Affected: 7.6.2SR7
    Affected: 7.6.1
    Affected: 7.3.7
    Affected: 7.5.5
    Affected: 7.5.6(XU)
    Affected: 7.5.2
    Affected: 7.5.2a
    Affected: 7.5.7
    Affected: 7.5.3
    Affected: 7.5.6
    Affected: 7.5.2b
    Affected: 7.5.6c
    Affected: 7.5.6a
    Affected: 7.5.7s
    Affected: 7.5.1
    Affected: 7.5.5a
    Affected: 7.5.5b
    Affected: 7.5.4
    Affected: 7.4.7
    Affected: 7.4.4
    Affected: 7.4.8
    Affected: 7.4.3
    Affected: 7.4.9
    Affected: 7.4.6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.968Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-spa-web-multi-7kvPmu2F",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-web-multi-7kvPmu2F"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business IP Phones",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.0"
                },
                {
                  "status": "affected",
                  "version": "7.6.2"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR3"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR6"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR2"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR4"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR1"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR5"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR7"
                },
                {
                  "status": "affected",
                  "version": "7.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.7"
                },
                {
                  "status": "affected",
                  "version": "7.5.5"
                },
                {
                  "status": "affected",
                  "version": "7.5.6(XU)"
                },
                {
                  "status": "affected",
                  "version": "7.5.2"
                },
                {
                  "status": "affected",
                  "version": "7.5.2a"
                },
                {
                  "status": "affected",
                  "version": "7.5.7"
                },
                {
                  "status": "affected",
                  "version": "7.5.3"
                },
                {
                  "status": "affected",
                  "version": "7.5.6"
                },
                {
                  "status": "affected",
                  "version": "7.5.2b"
                },
                {
                  "status": "affected",
                  "version": "7.5.6c"
                },
                {
                  "status": "affected",
                  "version": "7.5.6a"
                },
                {
                  "status": "affected",
                  "version": "7.5.7s"
                },
                {
                  "status": "affected",
                  "version": "7.5.1"
                },
                {
                  "status": "affected",
                  "version": "7.5.5a"
                },
                {
                  "status": "affected",
                  "version": "7.5.5b"
                },
                {
                  "status": "affected",
                  "version": "7.5.4"
                },
                {
                  "status": "affected",
                  "version": "7.4.7"
                },
                {
                  "status": "affected",
                  "version": "7.4.4"
                },
                {
                  "status": "affected",
                  "version": "7.4.8"
                },
                {
                  "status": "affected",
                  "version": "7.4.3"
                },
                {
                  "status": "affected",
                  "version": "7.4.9"
                },
                {
                  "status": "affected",
                  "version": "7.4.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:51.566Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-spa-web-multi-7kvPmu2F",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-web-multi-7kvPmu2F"
            }
          ],
          "source": {
            "advisory": "cisco-sa-spa-web-multi-7kvPmu2F",
            "defects": [
              "CSCwf04956"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20181",
        "datePublished": "2023-08-03T21:22:47.480Z",
        "dateReserved": "2022-10-27T18:47:50.364Z",
        "dateUpdated": "2024-08-02T09:05:36.968Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1683 (GCVE-0-2019-1683)

    Vulnerability from nvd – Published: 2019-02-25 17:00 – Updated: 2024-11-21 19:44
    VLAI
    Title
    Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability
    Summary
    A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS-encrypted traffic and potentially route or redirect calls initiated by an affected device. Affected software include version 7.6.2 of the Cisco Small Business SPA525 Series IP Phones and Cisco Small Business SPA5X5 Series IP Phones and version 1.4.2 of the Cisco Small Business SPA500 Series IP Phones and Cisco Small Business SPA112 Series IP Phones.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    http://www.securityfocus.com/bid/107111 vdb-entryx_refsource_BID
    Date Public
    2019-02-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:28:42.555Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20190220 Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-ipphone-certs"
              },
              {
                "name": "107111",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107111"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-1683",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-21T19:00:23.263210Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-21T19:44:31.986Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business SPA500 Series IP Phones",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.4.2"
                }
              ]
            },
            {
              "product": "Cisco Small Business SPA112 Series IP Phones",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.4.2"
                }
              ]
            },
            {
              "product": "Cisco Small Business SPA525 Series IP Phones",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.2"
                }
              ]
            },
            {
              "product": "Cisco Small Business SPA5X5 Series IP Phones",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.2"
                }
              ]
            }
          ],
          "datePublic": "2019-02-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS-encrypted traffic and potentially route or redirect calls initiated by an affected device. Affected software include version 7.6.2 of the Cisco Small Business SPA525 Series IP Phones and Cisco Small Business SPA5X5 Series IP Phones and version 1.4.2 of the Cisco Small Business SPA500 Series IP Phones and Cisco Small Business SPA112 Series IP Phones."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-26T10:57:01.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20190220 Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-ipphone-certs"
            },
            {
              "name": "107111",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107111"
            }
          ],
          "source": {
            "advisory": "cisco-sa-20190220-ipphone-certs",
            "defect": [
              [
                "CSCvm49157",
                "CSCvn17125",
                "CSCvn17128"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2019-02-20T16:00:00-0800",
              "ID": "CVE-2019-1683",
              "STATE": "PUBLIC",
              "TITLE": "Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Small Business SPA500 Series IP Phones",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.4.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Cisco Small Business SPA112 Series IP Phones",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.4.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Cisco Small Business SPA525 Series IP Phones",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.6.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Cisco Small Business SPA5X5 Series IP Phones",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.6.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS-encrypted traffic and potentially route or redirect calls initiated by an affected device. Affected software include version 7.6.2 of the Cisco Small Business SPA525 Series IP Phones and Cisco Small Business SPA5X5 Series IP Phones and version 1.4.2 of the Cisco Small Business SPA500 Series IP Phones and Cisco Small Business SPA112 Series IP Phones."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "6.5",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-295"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20190220 Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-ipphone-certs"
                },
                {
                  "name": "107111",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107111"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-20190220-ipphone-certs",
              "defect": [
                [
                  "CSCvm49157",
                  "CSCvn17125",
                  "CSCvn17128"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2019-1683",
        "datePublished": "2019-02-25T17:00:00.000Z",
        "dateReserved": "2018-12-06T00:00:00.000Z",
        "dateUpdated": "2024-11-21T19:44:31.986Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-1379 (GCVE-0-2021-1379)

    Vulnerability from cvelistv5 – Published: 2024-11-18 15:42 – Updated: 2024-11-18 16:23
    VLAI
    Title
    Cisco IP Phones Cisco Discovery Protocol and Link Layer Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities
    Summary
    Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone. These vulnerabilities are due to missing checks when the IP phone processes a Cisco Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco IP Phones with Multiplatform Firmware Affected: 11.1.2
    Affected: 11.2.1
    Affected: 11.2.3
    Affected: 11.2.2
    Affected: 11.2.3 MSR1-1
    Affected: 11.1.2 MSR1-1
    Affected: 11.1.1
    Affected: 11.1.2 MSR3-1
    Affected: 11.0.0
    Affected: 11.1.1 MSR1-1
    Affected: 11.0.1
    Affected: 11.1.1 MSR2-1
    Affected: 11.2.4
    Affected: 11.0.1 MSR1-1
    Affected: 11.0.2
    Affected: 11.3.1
    Affected: 11.3.1 MSR1-3
    Affected: 11.3.2
    Affected: 11.3.1 MSR2-6
    Affected: 11.3.1 MSR3-3
    Create a notification for this product.
    Cisco Cisco Session Initiation Protocol (SIP) Software Affected: 9.0(3)
    Affected: 9.0(2)SR2
    Affected: 9.0(2)SR1
    Affected: 9.2(1)
    Affected: 9.4(2)SR1
    Affected: 9.4(2)
    Affected: 9.4(2)SR2
    Affected: 9.4(2)SR3
    Affected: 9.3(1)SR2
    Affected: 9.3(1)SR3
    Affected: 9.3(1)SR1
    Affected: 9.1(1)SR1
    Affected: 9.3(1)SR4
    Affected: 9.2(3)
    Affected: 9.2(1)SR2
    Affected: 9.3(1)
    Affected: 9.4(2)SR4
    Affected: 12.1(1)SR1
    Affected: 11.5(1)
    Affected: 10.3(2)
    Affected: 10.2(2)
    Affected: 10.3(1)
    Affected: 10.3(1)SR4
    Affected: 11.0(1)
    Affected: 10.4(1)SR2 3rd Party
    Affected: 11.7(1)
    Affected: 12.1(1)
    Affected: 11.0(0.7) MPP
    Affected: 9.3(4) 3rd Party
    Affected: 12.5(1)SR2
    Affected: 10.2(1)SR1
    Affected: 9.3(4)SR3 3rd Party
    Affected: 10.2(1)
    Affected: 12.5(1)
    Affected: 10.3(1)SR2
    Affected: 11-0-1MSR1-1
    Affected: 10.4(1) 3rd Party
    Affected: 12.5(1)SR1
    Affected: 11.5(1)SR1
    Affected: 10.1(1)SR2
    Affected: 12.0(1)SR2
    Affected: 12.6(1)
    Affected: 10.3(1.11) 3rd Party
    Affected: 12.0(1)
    Affected: 12.0(1)SR1
    Affected: 9.3(3)
    Affected: 12.5(1)SR3
    Affected: 10.3(1)SR4b
    Affected: 9.3(4)SR1 3rd Party
    Affected: 10.3(1)SR5
    Affected: 10.1(1.9)
    Affected: 10.3(1.9) 3rd Party
    Affected: 9.3(4)SR2 3rd Party
    Affected: 10.3(1)SR1
    Affected: 10.3(1)SR3
    Affected: 10.1(1)SR1
    Affected: 12.0(1)SR3
    Affected: 12.6(1)SR1
    Affected: 12.7(1)
    Affected: 10.3(1)SR6
    Affected: 12.8(1)
    Affected: 12.7(1)SR1
    Affected: 11.0(2)SR1
    Affected: 11.0(4)
    Affected: 11.0(2)
    Affected: 11.0(4)SR3
    Affected: 11.0(5)
    Affected: 11.0(3)SR2
    Affected: 11.0(3)SR4
    Affected: 11.0(3)SR3
    Affected: 11.0(2)SR2
    Affected: 11.0(4)SR1
    Affected: 11.0(5)SR3
    Affected: 11.0(3)
    Affected: 11.0(5)SR2
    Affected: 11.0(3)SR6
    Affected: 11.0(5)SR1
    Affected: 11.0(4)SR2
    Affected: 11.0(3)SR1
    Affected: 11.0(3)SR5
    Create a notification for this product.
    Cisco Cisco Small Business IP Phones Affected: 7.4.8
    Affected: 7.4.3
    Affected: 7.5.5a
    Affected: 7.3.7
    Affected: 7.5.2
    Affected: 7.5.1
    Affected: 7.4.6
    Affected: 7.5.7
    Affected: 7.4.4
    Affected: 7.6.2SR3
    Affected: 7.6.2
    Affected: 7.5.6
    Affected: 7.5.6c
    Affected: 7.6.0
    Affected: 7.4.7
    Affected: 7.6.2SR6
    Affected: 7.5.2b
    Affected: 7.5.5
    Affected: 7.5.6a
    Affected: 7.6.2SR2
    Affected: 7.5.3
    Affected: 7.5.2a
    Affected: 7.5.6(XU)
    Affected: 7.5.7s
    Affected: 7.6.2SR4
    Affected: 7.6.2SR1
    Affected: 7.4.9
    Affected: 7.5.5b
    Affected: 7.6.2SR5
    Affected: 7.5.4
    Affected: 7.6.1
    Affected: 7.6.2SR7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-1379",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-18T16:22:56.651830Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-18T16:23:13.534Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco IP Phones with Multiplatform Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.1.2"
                },
                {
                  "status": "affected",
                  "version": "11.2.1"
                },
                {
                  "status": "affected",
                  "version": "11.2.3"
                },
                {
                  "status": "affected",
                  "version": "11.2.2"
                },
                {
                  "status": "affected",
                  "version": "11.2.3 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.1.2 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.1.1"
                },
                {
                  "status": "affected",
                  "version": "11.1.2 MSR3-1"
                },
                {
                  "status": "affected",
                  "version": "11.0.0"
                },
                {
                  "status": "affected",
                  "version": "11.1.1 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.0.1"
                },
                {
                  "status": "affected",
                  "version": "11.1.1 MSR2-1"
                },
                {
                  "status": "affected",
                  "version": "11.2.4"
                },
                {
                  "status": "affected",
                  "version": "11.0.1 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.0.2"
                },
                {
                  "status": "affected",
                  "version": "11.3.1"
                },
                {
                  "status": "affected",
                  "version": "11.3.1 MSR1-3"
                },
                {
                  "status": "affected",
                  "version": "11.3.2"
                },
                {
                  "status": "affected",
                  "version": "11.3.1 MSR2-6"
                },
                {
                  "status": "affected",
                  "version": "11.3.1 MSR3-3"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Session Initiation Protocol (SIP) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0(3)"
                },
                {
                  "status": "affected",
                  "version": "9.0(2)SR2"
                },
                {
                  "status": "affected",
                  "version": "9.0(2)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.2(1)"
                },
                {
                  "status": "affected",
                  "version": "9.4(2)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.4(2)"
                },
                {
                  "status": "affected",
                  "version": "9.4(2)SR2"
                },
                {
                  "status": "affected",
                  "version": "9.4(2)SR3"
                },
                {
                  "status": "affected",
                  "version": "9.3(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "9.3(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "9.3(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.3(1)SR4"
                },
                {
                  "status": "affected",
                  "version": "9.2(3)"
                },
                {
                  "status": "affected",
                  "version": "9.2(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "9.3(1)"
                },
                {
                  "status": "affected",
                  "version": "9.4(2)SR4"
                },
                {
                  "status": "affected",
                  "version": "12.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(2)"
                },
                {
                  "status": "affected",
                  "version": "10.2(2)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR4"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.4(1)SR2 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "11.7(1)"
                },
                {
                  "status": "affected",
                  "version": "12.1(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(0.7) MPP"
                },
                {
                  "status": "affected",
                  "version": "9.3(4) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR3 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "11-0-1MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "10.4(1) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1.11) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.3(3)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR4b"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR1 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR5"
                },
                {
                  "status": "affected",
                  "version": "10.1(1.9)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1.9) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR2 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.7(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR6"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)"
                },
                {
                  "status": "affected",
                  "version": "12.7(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR4"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR6"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR5"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Small Business IP Phones",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.4.8"
                },
                {
                  "status": "affected",
                  "version": "7.4.3"
                },
                {
                  "status": "affected",
                  "version": "7.5.5a"
                },
                {
                  "status": "affected",
                  "version": "7.3.7"
                },
                {
                  "status": "affected",
                  "version": "7.5.2"
                },
                {
                  "status": "affected",
                  "version": "7.5.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.6"
                },
                {
                  "status": "affected",
                  "version": "7.5.7"
                },
                {
                  "status": "affected",
                  "version": "7.4.4"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR3"
                },
                {
                  "status": "affected",
                  "version": "7.6.2"
                },
                {
                  "status": "affected",
                  "version": "7.5.6"
                },
                {
                  "status": "affected",
                  "version": "7.5.6c"
                },
                {
                  "status": "affected",
                  "version": "7.6.0"
                },
                {
                  "status": "affected",
                  "version": "7.4.7"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR6"
                },
                {
                  "status": "affected",
                  "version": "7.5.2b"
                },
                {
                  "status": "affected",
                  "version": "7.5.5"
                },
                {
                  "status": "affected",
                  "version": "7.5.6a"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR2"
                },
                {
                  "status": "affected",
                  "version": "7.5.3"
                },
                {
                  "status": "affected",
                  "version": "7.5.2a"
                },
                {
                  "status": "affected",
                  "version": "7.5.6(XU)"
                },
                {
                  "status": "affected",
                  "version": "7.5.7s"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR4"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR1"
                },
                {
                  "status": "affected",
                  "version": "7.4.9"
                },
                {
                  "status": "affected",
                  "version": "7.5.5b"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR5"
                },
                {
                  "status": "affected",
                  "version": "7.5.4"
                },
                {
                  "status": "affected",
                  "version": "7.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the Cisco\u0026nbsp;Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco\u0026nbsp;IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone.\r\nThese vulnerabilities are due to missing checks when the IP phone processes a Cisco\u0026nbsp;Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco\u0026nbsp;Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco\u0026nbsp;Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco\u0026nbsp;has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/RL:X/RC:X/E:X",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-18T15:42:00.388Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ipphone-rce-dos-U2PsSkz3",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3"
            },
            {
              "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ipphone-rce-dos-U2PsSkz3",
            "defects": [
              "CSCvu59351"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco IP Phones Cisco Discovery Protocol and Link Layer Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2021-1379",
        "datePublished": "2024-11-18T15:42:00.388Z",
        "dateReserved": "2020-11-13T00:00:00.000Z",
        "dateUpdated": "2024-11-18T16:23:13.534Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20181 (GCVE-0-2023-20181)

    Vulnerability from cvelistv5 – Published: 2023-08-03 21:22 – Updated: 2024-08-02 09:05
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
    CWE
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business IP Phones Affected: 7.6.0
    Affected: 7.6.2
    Affected: 7.6.2SR3
    Affected: 7.6.2SR6
    Affected: 7.6.2SR2
    Affected: 7.6.2SR4
    Affected: 7.6.2SR1
    Affected: 7.6.2SR5
    Affected: 7.6.2SR7
    Affected: 7.6.1
    Affected: 7.3.7
    Affected: 7.5.5
    Affected: 7.5.6(XU)
    Affected: 7.5.2
    Affected: 7.5.2a
    Affected: 7.5.7
    Affected: 7.5.3
    Affected: 7.5.6
    Affected: 7.5.2b
    Affected: 7.5.6c
    Affected: 7.5.6a
    Affected: 7.5.7s
    Affected: 7.5.1
    Affected: 7.5.5a
    Affected: 7.5.5b
    Affected: 7.5.4
    Affected: 7.4.7
    Affected: 7.4.4
    Affected: 7.4.8
    Affected: 7.4.3
    Affected: 7.4.9
    Affected: 7.4.6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.968Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-spa-web-multi-7kvPmu2F",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-web-multi-7kvPmu2F"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business IP Phones",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.0"
                },
                {
                  "status": "affected",
                  "version": "7.6.2"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR3"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR6"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR2"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR4"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR1"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR5"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR7"
                },
                {
                  "status": "affected",
                  "version": "7.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.7"
                },
                {
                  "status": "affected",
                  "version": "7.5.5"
                },
                {
                  "status": "affected",
                  "version": "7.5.6(XU)"
                },
                {
                  "status": "affected",
                  "version": "7.5.2"
                },
                {
                  "status": "affected",
                  "version": "7.5.2a"
                },
                {
                  "status": "affected",
                  "version": "7.5.7"
                },
                {
                  "status": "affected",
                  "version": "7.5.3"
                },
                {
                  "status": "affected",
                  "version": "7.5.6"
                },
                {
                  "status": "affected",
                  "version": "7.5.2b"
                },
                {
                  "status": "affected",
                  "version": "7.5.6c"
                },
                {
                  "status": "affected",
                  "version": "7.5.6a"
                },
                {
                  "status": "affected",
                  "version": "7.5.7s"
                },
                {
                  "status": "affected",
                  "version": "7.5.1"
                },
                {
                  "status": "affected",
                  "version": "7.5.5a"
                },
                {
                  "status": "affected",
                  "version": "7.5.5b"
                },
                {
                  "status": "affected",
                  "version": "7.5.4"
                },
                {
                  "status": "affected",
                  "version": "7.4.7"
                },
                {
                  "status": "affected",
                  "version": "7.4.4"
                },
                {
                  "status": "affected",
                  "version": "7.4.8"
                },
                {
                  "status": "affected",
                  "version": "7.4.3"
                },
                {
                  "status": "affected",
                  "version": "7.4.9"
                },
                {
                  "status": "affected",
                  "version": "7.4.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:51.566Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-spa-web-multi-7kvPmu2F",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-web-multi-7kvPmu2F"
            }
          ],
          "source": {
            "advisory": "cisco-sa-spa-web-multi-7kvPmu2F",
            "defects": [
              "CSCwf04956"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20181",
        "datePublished": "2023-08-03T21:22:47.480Z",
        "dateReserved": "2022-10-27T18:47:50.364Z",
        "dateUpdated": "2024-08-02T09:05:36.968Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20218 (GCVE-0-2023-20218)

    Vulnerability from cvelistv5 – Published: 2023-08-03 21:20 – Updated: 2024-10-17 14:59
    VLAI
    Summary
    A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to to modify a web page in the context of a user's browser. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious websites, or the attacker could use this vulnerability to conduct further client-side attacks. Cisco will not release software updates that address this vulnerability. {{value}} ["%7b%7bvalue%7d%7d"])}]]
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business IP Phones Affected: 7.6.0
    Affected: 7.6.2
    Affected: 7.6.2SR3
    Affected: 7.6.2SR6
    Affected: 7.6.2SR2
    Affected: 7.6.2SR4
    Affected: 7.6.2SR1
    Affected: 7.6.2SR5
    Affected: 7.6.2SR7
    Affected: 7.6.1
    Affected: 7.3.7
    Affected: 7.5.5
    Affected: 7.5.6(XU)
    Affected: 7.5.2
    Affected: 7.5.2a
    Affected: 7.5.7
    Affected: 7.5.3
    Affected: 7.5.6
    Affected: 7.5.2b
    Affected: 7.5.6c
    Affected: 7.5.6a
    Affected: 7.5.7s
    Affected: 7.5.1
    Affected: 7.5.5a
    Affected: 7.5.5b
    Affected: 7.5.4
    Affected: 7.4.7
    Affected: 7.4.4
    Affected: 7.4.8
    Affected: 7.4.3
    Affected: 7.4.9
    Affected: 7.4.6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.868Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-spa-web-multi-7kvPmu2F",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-web-multi-7kvPmu2F"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20218",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T14:58:32.797326Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T14:59:14.948Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business IP Phones",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.0"
                },
                {
                  "status": "affected",
                  "version": "7.6.2"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR3"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR6"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR2"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR4"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR1"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR5"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR7"
                },
                {
                  "status": "affected",
                  "version": "7.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.7"
                },
                {
                  "status": "affected",
                  "version": "7.5.5"
                },
                {
                  "status": "affected",
                  "version": "7.5.6(XU)"
                },
                {
                  "status": "affected",
                  "version": "7.5.2"
                },
                {
                  "status": "affected",
                  "version": "7.5.2a"
                },
                {
                  "status": "affected",
                  "version": "7.5.7"
                },
                {
                  "status": "affected",
                  "version": "7.5.3"
                },
                {
                  "status": "affected",
                  "version": "7.5.6"
                },
                {
                  "status": "affected",
                  "version": "7.5.2b"
                },
                {
                  "status": "affected",
                  "version": "7.5.6c"
                },
                {
                  "status": "affected",
                  "version": "7.5.6a"
                },
                {
                  "status": "affected",
                  "version": "7.5.7s"
                },
                {
                  "status": "affected",
                  "version": "7.5.1"
                },
                {
                  "status": "affected",
                  "version": "7.5.5a"
                },
                {
                  "status": "affected",
                  "version": "7.5.5b"
                },
                {
                  "status": "affected",
                  "version": "7.5.4"
                },
                {
                  "status": "affected",
                  "version": "7.4.7"
                },
                {
                  "status": "affected",
                  "version": "7.4.4"
                },
                {
                  "status": "affected",
                  "version": "7.4.8"
                },
                {
                  "status": "affected",
                  "version": "7.4.3"
                },
                {
                  "status": "affected",
                  "version": "7.4.9"
                },
                {
                  "status": "affected",
                  "version": "7.4.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to to modify a web page in the context of a user\u0027s browser.\r\n\r This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious websites, or the attacker could use this vulnerability to conduct further client-side attacks.\r\n\r Cisco will not release software updates that address this vulnerability.  \r\n\r  {{value}} [\"%7b%7bvalue%7d%7d\"])}]]"
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:58:22.717Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-spa-web-multi-7kvPmu2F",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-web-multi-7kvPmu2F"
            }
          ],
          "source": {
            "advisory": "cisco-sa-spa-web-multi-7kvPmu2F",
            "defects": [
              "CSCwf82071"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20218",
        "datePublished": "2023-08-03T21:20:29.588Z",
        "dateReserved": "2022-10-27T18:47:50.368Z",
        "dateUpdated": "2024-10-17T14:59:14.948Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1683 (GCVE-0-2019-1683)

    Vulnerability from cvelistv5 – Published: 2019-02-25 17:00 – Updated: 2024-11-21 19:44
    VLAI
    Title
    Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability
    Summary
    A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS-encrypted traffic and potentially route or redirect calls initiated by an affected device. Affected software include version 7.6.2 of the Cisco Small Business SPA525 Series IP Phones and Cisco Small Business SPA5X5 Series IP Phones and version 1.4.2 of the Cisco Small Business SPA500 Series IP Phones and Cisco Small Business SPA112 Series IP Phones.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    http://www.securityfocus.com/bid/107111 vdb-entryx_refsource_BID
    Date Public
    2019-02-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:28:42.555Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20190220 Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-ipphone-certs"
              },
              {
                "name": "107111",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107111"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-1683",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-21T19:00:23.263210Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-21T19:44:31.986Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business SPA500 Series IP Phones",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.4.2"
                }
              ]
            },
            {
              "product": "Cisco Small Business SPA112 Series IP Phones",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.4.2"
                }
              ]
            },
            {
              "product": "Cisco Small Business SPA525 Series IP Phones",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.2"
                }
              ]
            },
            {
              "product": "Cisco Small Business SPA5X5 Series IP Phones",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.2"
                }
              ]
            }
          ],
          "datePublic": "2019-02-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS-encrypted traffic and potentially route or redirect calls initiated by an affected device. Affected software include version 7.6.2 of the Cisco Small Business SPA525 Series IP Phones and Cisco Small Business SPA5X5 Series IP Phones and version 1.4.2 of the Cisco Small Business SPA500 Series IP Phones and Cisco Small Business SPA112 Series IP Phones."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-26T10:57:01.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20190220 Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-ipphone-certs"
            },
            {
              "name": "107111",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107111"
            }
          ],
          "source": {
            "advisory": "cisco-sa-20190220-ipphone-certs",
            "defect": [
              [
                "CSCvm49157",
                "CSCvn17125",
                "CSCvn17128"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2019-02-20T16:00:00-0800",
              "ID": "CVE-2019-1683",
              "STATE": "PUBLIC",
              "TITLE": "Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Small Business SPA500 Series IP Phones",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.4.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Cisco Small Business SPA112 Series IP Phones",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.4.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Cisco Small Business SPA525 Series IP Phones",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.6.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Cisco Small Business SPA5X5 Series IP Phones",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.6.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS-encrypted traffic and potentially route or redirect calls initiated by an affected device. Affected software include version 7.6.2 of the Cisco Small Business SPA525 Series IP Phones and Cisco Small Business SPA5X5 Series IP Phones and version 1.4.2 of the Cisco Small Business SPA500 Series IP Phones and Cisco Small Business SPA112 Series IP Phones."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "6.5",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-295"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20190220 Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-ipphone-certs"
                },
                {
                  "name": "107111",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107111"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-20190220-ipphone-certs",
              "defect": [
                [
                  "CSCvm49157",
                  "CSCvn17125",
                  "CSCvn17128"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2019-1683",
        "datePublished": "2019-02-25T17:00:00.000Z",
        "dateReserved": "2018-12-06T00:00:00.000Z",
        "dateUpdated": "2024-11-21T19:44:31.986Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }